1. Field of the Invention
This invention relates to the field of data processing systems. More particularly, this invention relates to the detection of the malicious alteration of stored computer files, such as, for example, by computer viruses infecting stored computer files.
2. Description of the Prior Art
It is known to provide anti-virus computer systems that seek to detect if stored computer programs have been subject to computer virus infection whereby the computer file is altered by the computer virus. These anti-virus computer systems typically operate by having a stored library of virus characteristics and then searching the computer files to detect those characteristics. As the number of known computer viruses increases, then the amount of processing needed to search a computer file for any characteristics of all those known computer viruses also increases. Furthermore, the typical number of computer files held within a computer system is also rapidly increasing. This combination of factors produces a problem that the processing load and processing time required to perform comprehensive anti-virus scanning is becoming disadvantageously large. As an example, a fall on-demand scan of every file held on a network storage device may take so long to run that insufficient time is available during the normal out-of-hours periods available to complete such an on-demand scan.
U.S. Pat. No. 5,619,095, U.S. Pat. No. 5,502,815 and U.S. Pat. No. 5,473,815 describe systems that seek to detect alterations in computer files by generating data characteristics of the computer file when first created and then comparing this with similar data generated upon an access attempt to that file to see if that file has been altered.